Merge remote-tracking branch 'origin/develop' into feat/414-large-num…
…bers-of-projects-on-the-home-page-are-difficult-to-navigate
Showing
48 changed files
with
260 additions
and
160 deletions.
2 changes: 1 addition & 1 deletion
2
.../LexBoxApi/Auth/AdminRequiredAttribute.cs → ...Auth/Attributes/AdminRequiredAttribute.cs
2 changes: 1 addition & 1 deletion
2
...pi/Auth/CreateProjectRequiredAttribute.cs → ...ributes/CreateProjectRequiredAttribute.cs
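--- a/backend/LexBoxApi/Auth/Attributes/RequireAudienceAttribute.cs
+++ b/backend/LexBoxApi/Auth/Attributes/RequireAudienceAttribute.cs
@@ -0,0 +1,33 @@
+using LexCore.Auth;
+using Microsoft.AspNetCore.Authorization;
+
+namespace LexBoxApi.Auth.Attributes;
+
+public class RequireAudienceAttribute(params LexboxAudience[] audiences)
+: LexboxAuthAttribute(PolicyName), IAuthorizationRequirement, IAuthorizationRequirementData
+{
+public const string PolicyName = "RequireAudiencePolicy";
+/// <param name="audience">audience allowed to access this endpoint</param>
+/// <param name="exclusive">when false the default audience is also allowed, when true the default audience is not allowed</param>
+public RequireAudienceAttribute(LexboxAudience audience, bool exclusive = false) : this(exclusive
+? [audience]
+: [audience, LexboxAudience.LexboxApi])
+{
+}
+
+public LexboxAudience[] ValidAudiences { get; } = audiences;
+
+public IEnumerable<IAuthorizationRequirement> GetRequirements()
+{
+yield return this;
+}
+}
+
+public class AllowAnyAudienceAttribute : LexboxAuthAttribute
+{
+public const string PolicyName = "AllowAnyAudiencePolicy";
+
+public AllowAnyAudienceAttribute() : base(PolicyName)
+{
+}
+}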
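Review bot: The two constructors of RequireAudienceAttribute give different results for similar-looking usages, and nothing on the class says so. A single audience should resolve to the `(audience, exclusive = false)` overload and therefore also admit `LexboxAudience.LexboxApi`, while two or more audiences go through the `params` primary constructor and admit only the listed ones. The `params` form also accepts an empty list, and what that means depends on a policy handler that is not part of this file. A `<summary>` on the class stating which form includes the default audience would make the contract explicit, as would a guard on the property such as `public LexboxAudience[] ValidAudiences { get; } = audiences.Length > 0 ? audiences : throw new ArgumentException("at least one audience is required", nameof(audiences));`. AllowAnyAudienceAttribute, judging by its name, lifts the audience restriction for an endpoint and deserves a doc comment saying when that is acceptable.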
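--- a/backend/LexBoxApi/Auth/Attributes/RequireCurrentUserInfoAttribute.cs
+++ b/backend/LexBoxApi/Auth/Attributes/RequireCurrentUserInfoAttribute.cs
@@ -0,0 +1,15 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace LexBoxApi.Auth.Attributes;
+
+/// <summary>
+/// validates the updated date of the jwt against the database, should be used to make a jwt expire if the user is updated
+/// </summary>
+[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
+public class RequireCurrentUserInfoAttribute: Attribute, IAuthorizationRequirement, IAuthorizationRequirementData
+{
+public IEnumerable<IAuthorizationRequirement> GetRequirements()
+{
+yield return this;
+}
+}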
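Review bot: The summary on RequireCurrentUserInfoAttribute does not say what a caller gets when the check fails or when no user is logged in. From ValidateUserUpdatedHandler in this same commit, a token whose updated date differs from the stored one is failed explicitly, and a request with no logged-in user leaves the requirement unmet, so both are denied. The doc comment should state that, for example `/// Requests are denied when the token's updated date differs from the database or when no user is logged in.`. It is also worth noting there that every protected request triggers a call to `UserService.GetUserUpdatedDate`, presumably a database query.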
2 changes: 1 addition & 1 deletion
2
...pi/Auth/VerifiedEmailRequiredAttribute.cs → ...ributes/VerifiedEmailRequiredAttribute.cs
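--- a/backend/LexBoxApi/Auth/Requirements/ValidateUserUpdatedHandler.cs
+++ b/backend/LexBoxApi/Auth/Requirements/ValidateUserUpdatedHandler.cs
@@ -0,0 +1,28 @@
+using LexBoxApi.Auth.Attributes;
+using LexBoxApi.Services;
+using LexData;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.EntityFrameworkCore;
+
+namespace LexBoxApi.Auth.Requirements;
+
+public class ValidateUserUpdatedHandler(IHttpContextAccessor httpContextAccessor, ILogger<ValidateUserUpdatedHandler> logger) : AuthorizationHandler<RequireCurrentUserInfoAttribute>
+{
+protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, RequireCurrentUserInfoAttribute requirement)
+{
+var httpContext = httpContextAccessor.HttpContext;
+var user = httpContext?.RequestServices.GetRequiredService<LoggedInContext>().MaybeUser;
+if (user is null) return;
+var userService = httpContext!.RequestServices.GetRequiredService<UserService>();
+var actualUpdatedDate = await userService.GetUserUpdatedDate(user.Id);
+if (actualUpdatedDate != user.UpdatedDate)
+{
+logger.LogInformation("User has been updated since login, {UpdatedDate} != {ActualUpdatedDate}", user.UpdatedDate, actualUpdatedDate);
+context.Fail(new AuthorizationFailureReason(this, "User has been updated since login"));
+}
+else
+{
+context.Succeed(requirement);
+}
+}
+}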
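Review bot: The `if (user is null) return;` path in HandleRequirementAsync calls neither Succeed nor Fail, so the request is denied only because ASP.NET Core treats an unsatisfied requirement as a failure. That fail-closed result is correct but implicit, and a comment such as `// no logged-in user: leave the requirement unmet so authorization fails closed` would keep a later edit from turning it into a pass. The mismatch log line also omits which account was rejected; adding the id, `logger.LogInformation("User {UserId} has been updated since login, {UpdatedDate} != {ActualUpdatedDate}", user.Id, user.UpdatedDate, actualUpdatedDate);`, makes stale-token rejections traceable during an investigation. `GetUserUpdatedDate` is not visible here, so it is worth confirming what it returns for a deleted user and that this value can never equal the date carried in the token.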